To check on the ownership of your domain name, go to Domain Tools and type the domain name into the search box. You will see the registration information of record, as in this example.

You or your business should always be listed at the top as Registrant. It’s perfectly ok if the hosting company is listed under Administrative or Technical Contact — the Registrant is the actual owner and the one who controls what happens to the name. The Billing Contact should be the person or entity that actually pays the domain renewal fees each year. This might be you or it might be your hosting company. Either is fine.

Many hosting companies offer a “free” domain name as part of your hosting package, but there can be a catch.

Now look at this WhoIs information. This is a real domain registration, a domain name that is the name of a real quilt artist. I’ve changed it here to “FamousQuilter.com” for the sake of anonymity.

This artist signed up for web hosting from a large hosting provider which offers a free domain name included with the cost of their inexpensive shared webhosting. After some period of time she became dissatisfied with the hosting account and changed hosts, only to realize that the original hosting company owned her domain name. Her own personal name, and they owned it. Nor would they consider releasing it to her for any amount of money.

She eventually registered “FamousQuilter.net” and set up her new website under that name, but the first hosting company still controls the .com version. Legal recourse is possible but very expensive; the artist must first file a legal trademark for her own name and then, if trademark protection is granted, file a dispute with ICANN concerning the improper use of her trademark. These two actions would cost a minimum of $2,500 and could require several years for resolution.

Note well the annotations I’ve circled in red: “Client Update Prohibited” and “Client Transfer Prohibited.” The artist has no control over her own personal name, and she can’t do anything about it without legal action and much expense.

Not all webhosting companies will hold your domain name hostage.

Many web hosts will offer to register a domain name in your name as a service or as part of a webhosting package. With some hosts, transferring your name to your own account is easy if you later decide to change web hosts; with others it’s a bit more hassle. However, if your name is listed as Registrant, you have final control over the account. And if someone else is managing your domain name(s), you generally don’t need to worry about renewals and other behind-the-scenes minutiae. It’s included in your monthly or annual hosting fees.

Make sure that your webhost offers registration in your own name if you choose to register through them.

How much does a domain name cost, if you register it yourself?

Domain name registrars are permitted to set their own rates by ICANN, the international entity which oversees all domain name registrations worldwide. Here is a sampling of current registration costs for .com domain name from several major companies (all rates are for one year; discounts often available for multi-year registrations):

- GoDaddy $10.69
- DotEarth $25.00
- EnomCentral.com $34.00
- Network Solutions $34.99
- Register.com $35.00

Note that rates for all registrars are increasing on July 1 of 2010, by order of ICANN.

How much is your business name — and your personal name as an artist — worth? Make sure that, whoever registers your domain name, you are listed as the owner/Registrant.

Don’t make a costly mistake in order to save a few dollars at the beginning.

A talented writer and artist created a long, detailed blog postabout creating stamps for decorating fabric. Many people praised it and several asked her to release it in e-book form so they could download and keep a copy. Agreeing that it was a terrific idea, she published it as a Kindle book available from Amazon. She immediately found herself in the midst of a storm of controversy.

Some readers felt that she had no right to charge for the information that she had previously given away for free. One even went so far as to say that she now felt morally justified in “stealing” the material by copying and printing off the blog post. Others howled because they did not own a Kindle and thought they would have to buy a $250 reader device to download the book. Others howled because the Kindle is black-and-white only and the photographs that accompanied the article were in color. It’s also not possible to print from the Kindle, so the reader has no opportunity to create a hard copy for future reference.

Her readers were probably expecting a PDF ebook. Amazon ebooks are very easy to create and publish – just upload an HTML-encoded file (in which format the blog post already existed). Links remain links within the Kindle file. Creating a PDF ebook requires a bit more expertise from the author but would probably be worth it to the readers.

The author’s failure here lay in not educating her audience prior to releasing her product for sale. Kindle software which supports color images is available for PC/Mac, iPad, and iPhone, free from Amazon. No reading device is required. (Unfortunately, it doesn’t seem you can print from the Kindle software either.)

Until this little whirlwind occurred, I was not aware of the Amazon Kindle option for publishing ebooks. Creating both a Kindle version and a PDF version that could be sold directly seems to me to be a great pair of options for producing and distributing information products. Do both!

What about the free-vs-pay controversy?

Of course the author is entitled to charge for her work. The Amazon ebook sells for $2.99 and her royalty is about $1.00 per copy. Hardly highway robbery.

My suggestion would have been, once there was obvious interest in the information, to create both a PDF and the Kindle e-book, add a post to the blog about how to purchase them, and then take down the original post.

Those who howled about “no right to charge for it” would of course still howl. Most readers, I think, would have been very happy to pay a small amount to have it formatted and ready to print out without having to copy and paste from quirky blog software.

All it takes is a little education.

Daily:

1. Check and delete spam comments; approve any non-spam caught by mistake. Akismet can be set to delete spam comments after 14 days, but it’s easier to check when you have 20 or 30 to glance through instead of 250.

2. Check for new users that appear suspicious. Certain spammers target WordPress installations where new users may register without approval, in the hope that new users will be allowed posting privileges. If so, they can add spam posts dated far in the past so that they don’t show up in your list of recent posts, and hope you won’t notice them.

The best way to combat this: If you want to allow users to register on your blog, look at Settings -> General and be sure that the New User Default Role is set to Subscriber. Subscribers can read and comment but cannot make new posts.

If you start getting many suspicious user registrations and don’t want to manually check them all, take a look at the SABRE plugin. SABRE has a number of ways to check whether new registrations are being performed by humans or bots, and it’s very good at weeding out and denying the bots. I use it on all my own blogs and recommend it to all my clients.

3. Check for any plugins that need to be updated. You will see a notification in your Dashboard if this is the case. It should be easy to upgrade them; just click on the link that says “Upgrade automatically.”

Frequently:

1. Back up your database. I generally do this weekly, but if your webhost provides only weekly site backups and you have a very active site, you might prefer to do this daily or every other day.

The easiest way to back up your database is to install the WP-db-Backup plugin and set it to email you a copy at whatever frequency you choose. I then set my email program to automatically move the newest email into an archive folder. I keep the most recent one and delete the earlier versions.

Weekly:

1. Check your log files for 404 errors. These mean that someone tried to visit a page on your site, or perhaps look at an image, and couldn’t find it. If you’ve moved the page – say you published it in a category called “Art” and later changed it to “Architecture” so that the permalink changed – you can set up a redirect so that anyone trying to access the old page will be automatically whisked to the new one.

There’s a plugin for that, of course, and it’s called (oddly enough) Redirection.

If you want to just keep tabs on 404 errors, try JH 404 Logger .

2. Download a backup of your site files, which will include your theme – and more importantly – your uploaded images, videos, and other media. If you are short on disk space, just download the wp-content/themes/(name of theme you are using) and wp-content/uploads folders. Again, you need keep only the most recent copy and may delete or archive previous versions.

Once a month:

1. If you are on shared hosting and have a cap on your storage and bandwidth usage, you may want to keep tabs on your monthly usage. Some hosts will notify you when you reach 80% or more of your allotted bandwidth for the month, while others will just suspend without warning accounts that exceed their capacity. If you are consistently using most of your bandwidth each month, it might be time to consider upgrading to a more spacious account.

To check your bandwidth usage, you can go to your control panel — there is usually a link where you can check it. There is also a plugin that works with Google Analytics and can be set to show basic Analytics statistics right inside your WordPress Dashboard. This one is called Google Analytics for WordPress and has the potential to be very valuable if you need to keep track of a number of stats on your site.

There you are

Seven quick and easy tasks that will keep your installation of WordPress up to date, safe, and humming along. Happy blogging!

Confession: I just pushed away a client who has been a friend. She was one of my earliest website design clients, she’s referred several other people to me, and she’s also been a cheerleader for me in the past. At the beginning of May I asked her to find a new web host and also laid down new rules about our business relationship, including radically different payment terms. Today she sent me an email that she has found other hosting and someone else to take over work on her website. She’s gone, and I doubt the parting is amicable on her side.

Why in the world would I do something like that?

Hunting, Farming, and what happens when the tractor runs out of fuel

By nature I am a hunter. I love chasing bright new butterfly ideas. I love learning new skills and get great satisfaction out of creative challenges. I adore designing websites; my satisfaction, my joy, comes when a client sees a new concept and is completely blown away by it.

My business requires me, most of the time, to be a farmer. Once I’ve finished a new website, the remaining work, in most cases, is maintenance. I update the site periodically, I change out pictures, I revise the HTML, I check SEO rankings and tweak keywords and page descriptions. I weed. I water. I kill bugs. I drive a tractor and dream wistfully of hunting.

August of 2009 started an incredibly intense period of work for me. I stupidly radically overbooked myself, taking on seven new websites to be completed by the end of January (when I could reasonably have finished two in that time frame). I worked 12-14-16 hours a day, 7 days a week. I took off one day at Thanksgiving and another day at Christmas and then dove right back into it. I was so overbooked that I ended up sliding the last several deadlines and didn’t finish until mid-March.

Mid-March 2010: My hosting account got hacked and I didn’t know it.

Oh, it was my fault. My root password wasn’t secure enough, and someone stole or brute-force-guessed that root password and installed a copy of the Dark Mailer script inside my site at 2fishweb.com.

The first I knew of it was when this particular client, the one I just rejected, started complaining about her email. She uses an email address associated with her domain, and she started getting notices that email from her domain was being blocked by various ISPs’ anti-spam systems. I asked my server techs to check and they said everything was fine on my end; just to contact the ISPs and request de-listing of the IP address. I did that.

Two days later it was listed again. In four different spam blacklists. Server techs still said there was no spam going out from my IP, no unusual email activity, no reason for the blacklisting, and I should request de-listing.

To make a very long story short: It was like playing Whack-a-Mole. I would get the site de-listed with one blacklist agency and another would pop up. I repeatedly checked every single script in every single domain on the IP. I deactivated one client’s Mailman mailing list and removed another’s ability to sendmail() through PHP. It continued and continued and continued, and I was whacking varmints every day and farming my maintenance accounts every night and fielding constant inquiries about what was wrong and trying to fix everyone’s problems and getting yelled at on the phone and not… winning… the battle.

By the third week of April, I had no energy left for farming. My tractor was completely out of fuel. Whenever the phone rang I was ready to cry before I picked it up. I dreaded opening my email program because there would be more of the same. I couldn’t sleep more than an hour or two at a time, day or night. I couldn’t eat. I snapped at the bag boy who tried to take my groceries out to my car in the pouring rain. I spent days wishing I could just curl up in bed. Trying to sleep, trying to make it go away. I seriously considered giving every client their money back and quitting altogether. Then I’d remember my responsibility to my clients, drag myself up, turn on the computer and go search all the files in all the domains again, looking and looking and looking for something that shouldn’t be there.

And still I could not find why my server kept being blacklisted for spam.

April 22. I received an email at 11:45 am from the Abuse department of the company from which I rent my server, wanting to know why I had not addressed the cease-and-desist they had sent 24 hours earlier. I replied calmly that I had not received it. They sent me a copy and my blood went completely cold.

Someone on the outside, not one of my clients, had filed an abuse complaint with my upstream provider because of continuing spam originating from my IP. The cease-and-desist said “You have 24 hours to fix it or we will cancel your account.”

It was dated April 21… at 11:45 am.

I immediately responded to the cease-and-desist, outlining all the steps I had taken over the previous five weeks and listing every single ticket I had filed with the support desk asking for help finding the problem. My case was bumped up to a supervisor in the abuse department, who went into my server and within 15 minutes had found the exact script that was at fault and was able to tell me what had happened.

The script, Dark Mailer, is very, very sneaky. It didn’t send out tons of spam from my server or my email address at all. It contained a list of 20 or so open relays — servers which would accept email from an outside source and send it on without question. Dark Mailer would send out those 20 emails, not triggering any spam detectors on my outgoing mail server. When each of those 20 emails hit an open relay, it would immediately fire out hundreds of thousands of copies of the spam to addresses all over the globe… and every single one of them appeared to come from my IP address and my domain.

I deleted that one script, changed all the passwords, and voila, the spam stopped. It still took a week to get all my sites de-listed, but at least new blacklists weren’t popping up faster than I could whack the old ones.

(No one was ever able to tell me why Abuse could find it in 15 minutes after Support had spent five weeks telling me there was nothing wrong….)

In the meantime, I had rented a second server from a different company, one that takes spam complaints very seriously and promised they had my back if something like this ever happened again, and started the incredibly laborious process of moving all my clients over. Everything that could possibly go wrong went wrong. Secure certificates disappeared, databases didn’t reconnect, files went missing. Oh, I had everything backed up in duplicate and triplicate and was able to restore it all, but it took even more of the energy that I no longer had in order to make it all work.

Have I mentioned that I have fibromyalgia? Energy is not in plentiful supply under the best of circumstances. I cried a lot during this whole process. But I slogged through it and got it all done and made sure to weep only when no one could see me.

By the end of April, my husband announced that he was taking me away for a week before I killed somebody. We left on Monday afternoon, after a 4 pm meeting he had to attend. Got to Gatlinburg at nearly midnight. I was so tired and wired from the drive and the getting ready to go that I couldn’t sleep that night. (My husband does not drive due to a partial disability, so I have to do that too.)

Tuesday all hell broke loose. We went up into the mountains to walk and try to unwind, and when I came back and logged on to check email late in the day, I found out that two of my clients’ websites were completely down (one had forgotten to renew the domain name; one was yet another secure certificate problem) and there was a major problem with the mail client on a third. People had been calling all day and leaving frantic and progressively more angry voicemails while I was out of range and had my phone turned off.

At that point I was holding on by the thinnest thread over a chasm of complete meltdown.

And at that very moment, the client whose problems had started it all emailed to complain that I was not updating her site in a timely manner and she needed updates done NOW for a reason that was extremely important to her but which I actually can’t now remember.

Without stopping to think about it, I fired back that since her annual hosting fee was due on May 1, I would be obliged if she would immediately find a new web host and someone else to maintain her site. Since it was already very close to May 1, I would keep the site live without charge until June 1, but please take care of the changeover by then.

Today is May 31, and she has just sent me the information on her new webhost. She’s gone, and I doubt the parting is amicable on her side.

What did this whole ordeal teach me?

Someone once said that every problem you have is a lesson wrapped up in shit-brown paper. You just have to get past the shit and unwrap the lesson.

So. My lessons:

1. Don’t try to farm when the tractor is out of fuel.

I am not exactly sure how I’ll do this — whether I’ll find someone to help with the weeding and tilling and other uncreative maintenance tasks — or whether I’ll just be certain to avoid overbooking myself again. Or a combination of the two.

2. Make sure the tractor doesn’t run completely empty.

Like many caregivers (and service professionals are caregivers just as much as home health aides), I forgot to take care of myself while I was taking care of everyone else. During and after that week in the mountains, that week that was supposed to be my rest space, I completely crashed and burned. It has taken almost another month of rest, careful eating, exercise, and much introspection to come back to a place of relative harmony. I am making “taking care of me” a much higher priority from now on.

Remember that pre-takeoff airline thingie where the flight attendant tells you “if we experience a loss of cabin pressure, place the mask over your own face first?” You can’t take care of anyone else if you pass out from lack of oxygen.

3. As part of that taking care of me, make certain that my rewards are sufficient to compensate my efforts.

Because this person was a friend and one of my very first clients, we did things very informally and never executed a maintenance agreement. She was paying only for hosting, about $75 a year, and I never charged her for site updates. Not once in five years. During the early part of my business that was fine — I wasn’t that busy and didn’t mind doing her updates as a favor. She did, after all, refer several other clients to me in the meantime.

It was only the last few months, when I was beyond overloaded and she became very demanding, that I found I was resenting it more and more. I wasn’t getting paid for her updates, so she would have to wait until I got to it. Every hour I spent on her site was an hour I couldn’t bill out to a paying client. She, on the other hand, resented being pushed to the bottom of my to-do list but didn’t feel she could afford to pay me for updates.

So my lesson here is that when I begin to feel that I’m being used, that I am not sufficiently appreciated for my efforts on behalf of a client, something is out of whack and needs to be addressed. If I had tackled it sooner, I might not have felt so resentful and might not have ended up pushing her away.

Coming from a family culture of “suck it up and take care of everything cheerfully, no matter what,” this has been a very tough lesson for me to accept.

Summary

I f***ed up a business relationship and pushed away a friend. I’m human, I made a mistake, and I’m sorry for that.

But I am human. And humans, fortunately, are capable of learning from mistakes.

Now to work on forgiving myself…

(Puts on hat of Mrs. Spurlock, fifth-grade English teacher)

Grammar counts!

I followed a link this morning to a blog post that looked interesting, on the subject of making your WordPress installation hacker-proof. The first two sentences read:

Today there is more and more security breaches than ever before. Web browsers seems to fall behind faster than they can spell to themselves and this really makes an online business or venture quite hard work.

Web browsers spell to themselves? Who knew?

The entire article was unreadable because of numerous subject-verb number disagreements. Simple homonym problems such as “boarders” when the author meant “borders.” Not to mention the usual suspects of “it’s/its” and “you’re/your.”

I must be fair. Since there was no contact information on the site, I looked up the domain name WhoIs to find out that the site was registered in Sweden. English is obviously not the writer’s first language. On the other hand, if he is writing for an audience who will read in a language not his own, it seems reasonable to have a fluent speaker review and edit the article. This reads like he ran it through Babelfish.

The writer of this blog post failed in his most important task — he did not communicate his ideas clearly. He was so muddly, in fact, that I have made a note not to follow any links to this particular website in the future. It’s just not worth my time to try to puzzle out what he means.

Spelling counts too!

CBS42.com, which really should know better, recently ran a story about former HealthSouth CEO Richard Scrushy and his ongoing battle with the courts over hidden assets.

Attorney for HealthSouth shareholders John Somerville was quoted:

”[The] IRS back in 2003 documented some 300 million dollars worth of property he had and that frankly a lot of it is missing. All the jewelry, 21 carrot diamonds, artwork is missing…”

Although the meaning of the sentence is still clear in this case, the absurdity of the mental image completely stopped this reader’s train of thought.

How many readers are you potentially losing because of unclear writing or poor spelling skills?

I may regret this, but I just signed up with a service called Qwitter.

IMPORTANT NOTE: The correct URL is UseQwitter.com. If you try to go to Qwitter.com, you’ll end up on a soft porn page.

You don’t need to give your password, just your Twitter ID and your email address. Qwitter watches your followers list and sends you an email like this when someone unfollows you:

John Gruber (gruber) stopped following you on Twitter after you posted this tweet:

What’s the difference between Arial and Helvetica?

I say I may regret it because it might crush my ego that people don’t like me (sniffle), but on the other hand, it could be good information about who thinks I am boring or offensive (although I’m not nearly as potty-mouthed as some of the bloggers I know. Okay, I’m not really potty-mouthed at all. Don’t want to raise false hopes either). This could help me post more useful information for those who do like what I write.

I’ll report back after I’ve had a chance to collect some data. In the meantime, do you keep track of your followers, or let ‘em fall where they may?

- Check your email account for suspicious activity
- Reset your password NOW
- Don’t use the same password for every login you use.

I’m not going to lecture on why it’s a bad idea to use your first pet’s name as your password. I’m just going to show you one way to choose a secure one that isn’t easily cracked.

If you have other methods, I’d love to hear about them in the comments.

What Not to Use

I know it’s more convenient to use an easily-rememberable word as your password, but it’s not a good idea to use a dictionary word because they are easily crackable. Use a password of at least 12 characters, with upper and lower case and numbers. Don’t use your birthday, your social security number, the word “password,” a string of numbers in sequence (like 1234) or in reverse (like 9876), or your name anywhere in the password.

Start by Choosing a Word of 7 or 8 Letters, plus a Date

An example: Let’s say you want to use the word “seahawk” because that was the name of your first yacht and you can remember it. Let’s also say that your mother-in-law’s birthday is June 24. Turn the birthday into 624 and scatter those numbers into the word. Here I’ve used them to separate the two words “sea” and “hawk,” because it will be a little easier to remember.

6sea2hawk4

Mix it Up a Little

Now throw in some capital letters in the third places of the two words (not the first places, because that’s expected and so is more easily crackable):

6seA2haWk4

Change the lowercase e to a 3 because it looks like a backwards E and it keeps “sea” from being a dictionary word:

6s3A2haWk4

Add Characters to Make a Total of 12 or 14

Hm. We only have 10 characters, so add two more letters at the end — maybe your mother’s initials:

6s3AhaWk4JM

There you go. Strong password based on a word and a date that you can remember.

Use Different Trailing Letters for Different Websites

Since it’s never a good idea to use the same password for everything, you could use this same password string with different last two characters for all your sites:

6s3AhaWk4YH forYahoo

6s3AhaWk4GM for GMail

and so forth.

Make it tougher for the bad guys to guess your passwords!

Only a little. Those rumors you heard about my not being able to see out the rear view mirror coming home are completely unfounded. I promise.

Because I was there on business and had to maximize the use of my time, I had to develop an efficient way to see everything and then to whittle down to things I was most interested in. I also have a mild sensory integration dysfunction, which means that I get overwhelmed really easily. I needed to create a checklist to keep myself on target.

Work the aisles backwards.

On your first visit to the show, go in through the front door and turn left. Eighty to 85% of all show visitors will turn right without thinking and will head for the booths starting with 100. If you turn left and start with the 3400s, you’ll run into a major crowd in the middle, but for at least the first half of your journey you will be much less crowded.

Go during meal or class times when possible. Or go late in the afternoon.

Most visitors to Festival are there for multiple days. They are eager to get started and will show up at the doors every morning before opening time. When class time rolls around, a number of them leave the show floor. Then it’s lunch, then lectures or afternoon classes, and by afternoon they are exhausted.

If you can plan to get there shortly after classes start, there will be fewer people on the floor. Late in the afternoon is another good time to visit the show floor. By that time, all the students are waiting in line for buses and don’t even want to think of walking another step.

On your first visit, make one very fast run through with the floor map in hand.

Don’t stop to visit, don’t shop — have your pen and your map in hand. As you walk the aisles, circle or mark the booths you want to come back to. Carry a highlighter and highlight the ones you especially don’t want to miss.

Once you get back to your hotel room, go through the list of vendors and see if you spot any names that you want to visit but didn’t mark on your first run through. Mark those as well. At this point, I would prioritize them: 1, 2, 3. I might have a dozen “1s” (don’t miss), a bunch of “2s” (really want to see) and an awful lot of “3s” (if my feet hold out).

Now have an adult beverage of your choice and hit the sack. Tomorrow’s another busy day.

On your second trip through, visit the booths you marked in priority order.

Pick up business cards or brochures to help you remember which ones you have seen. If the exhibitor agrees (and if the crowds permit), you could take a snapshot of the booth as another visual reminder.

Third time through, take your time.

This is when to do your major shopping, stop and talk to the vendors, take notes about what you bought and where you got it. Don’t get home and ask yourself where you bought those gorgeous buttons now that you know you need another four of them to complete your project.

But what about the quilts?

I used exactly the same system for the quilt exhibitions.

• Fast runthrough of the whole exhibit floor;
• Second walk through with map, noting ones to examine more closely;
• Careful examination of marked quilts, taking photos where allowed and notes on maker and techniques.

In fairness, I should note that with the advent of digital cameras and enormous memory cards, you could also go through the quilts once only, taking pictures of every one of them plus the cards with artist’s name and statement. That way you’d have a complete record when you got home. If you are anything like me, you’ll be completely brain-fried by the second day. A week after you get home, go through that 16GB of photos and you will see hundreds of quilts you didn’t even remember were there.

Have fun in Houston! And may Artemis, the Goddess of the Hunt, be with you.

When I asked politely for her to unsubscribe me because I hadn’t signed up for her list, she replied that I had to go to her website to unsubscribe myself, and then accused me first of lying about not signing up for her list and then of trying to use other peoples’ problems to increase my own web design business.

Obviously this person has some serious customer service issues, but let’s deal only with the email debacle.

Was it Spam?

The unfortunately named 2003 CAN-SPAM Act (shouldn’t it be “can’t spam?”), which regulates commercial email sent and received within the US, includes a checklist of acceptable practices for transactional and commercial emails. This one violated almost every single requirement of the law.

1. I had never visited the retailer’s website and did not sign up for the email notification.

2. She was sending these emails through her blog software. As a result, there was no link to unsubscribe within the email itself, nor was there a notice to unsubscribe by reply email or other action.

3. The blog software does not use a “double opt-in” system. You’ve probably experienced a double opt-in — you enter your email address and your name on a website form. Then you get an email that says something like “You’re almost there!” and a link that must be clicked to confirm your subscription.

There was absolutely no notification that I had been added to this list, so I was unaware of it until I received the newsletter email.

4. The law requires that the mailing list owner promptly remove anyone who requests to be removed from the list. This can be accomplished either by an unsubscribe link within the email itself or by manual removal when the request is submitted by reply email. Since I replied to the email with a request to be removed, the responsibility was hers to remove my name and email from her database.

5. The Act permits mail list owners to manually add addresses of persons who have done business with the company within the past 24 months. I have never done business with this company.

6. The Act also requires the sender to include a postal address (P O box is fine) and clear instructions on how to opt out of any further emails from the sender. This email contained neither.

7. The Act also specifically forbids “harvesting” of email addresses or obtaining the email addresses from a third party. Because of the address used to send this email to me, I strongly suspect that someone at the company typed in a list of names from a trade show I attended in 2007 — a trade show at which I had no personal contact with the company.

When you import a list of names to your campaign list, most email service providers require that you specify where you got the names and tell you what kinds of lists are acceptable and which are not.

Permission confirmation rules from Campaign Monitor: Click image for larger version.

To sum up: Yes, it was spam.

The email and the responses that I received from this company were in violation of the CAN-SPAM Act on several counts and legally fall under the definition of spam. I don’t plan to report it unless the unwanted emails continue, but the penalties are stiff:

Each separate email in violation of the law is subject to penalties of up to $16,000, and more than one person may be held responsible for violations. For example, both the company whose product is promoted in the message and the company that originated the message may be legally responsible.

What can you do to comply with the Act?

Make certain that you have specific permission from the person before you add their name to your list. If you attend trade shows and collect names, make sure you clearly label your signup sheets with “Sign up for our newsletter!” or a similar phrase.

Set up a double opt-in system, so that a third person can’t add a name to your list without notifying the one who was added.

Make sure that every email you send contains your mailing address and an easy way for the recipient to unsubscribe.

And the best advice I can offer — don’t annoy your potential customers!

Not a friendly way to deal with your customers!

This morning I received a blog post notification email. If you have a WordPress blog or have ever followed someone who does, you know what I mean — you can subscribe to receive an email when an update is posted. It’s a great way to keep up with blogs that you might otherwise forget to check on a regular basis.

Only one problem… I had never even visited this blog, let alone signed up for email notifications.

Make that two problems: The blog owner didn’t provide an unsubscribe link in the email. While this isn’t required by the 2003 CAN-SPAM act that regulates all commercial emails in the US, it is modern standard practice, and people expect to be able to hit the “unsubscribe” button and delete the email.

So I replied to the email with a polite note: “Unsubscribe, please. I have never visited your blog and certainly never signed up for your email notifications.”

To which I received a fairly chilly reply that this person doesn’t subscribe individuals and I should go to the main website page to unsubscribe myself.

This is not my responsibility.

Even if were not required as a matter of law, as a matter of courtesy the site owner should apologize and immediately remove the name from the mailing list.

Oh, but then it got worse. I went to this website to find out that it was using an outdated version of WordPress, known for almost two months to be subject to a serious scripting vulnerability. I notified the site owner that the WordPress installation was unpatched and that the site was possibly being used to send out spam. I received a rather ill-tempered response saying the site was not compromised, and again telling me that I needed to go to it and unsubscribe.

Even if I were interested in this site’s products, they’ve lost me as a customer forever. In addition to which, I’ve now written about it (although without naming the company) and several thousand more people now know about this bad customer management practice.

Be courteous not only to your customers, but to those who might be customers as well. It’s only good business!

UPDATE: I have received one additional email from the company’s spokesperson. I signed my last email with my full name, website address, and “webhosting and web design services” to indicate that I knew what I was talking about. The final email accused me of going out to look for other peoples’ problems in order to build up my own business. Definitely some ill temper going on there. And definitely some customer service problems.